Why is SMB2 still disabled in our client by default?

Jeremy Allison jra at samba.org
Fri Mar 28 11:27:26 MDT 2014


On Fri, Mar 28, 2014 at 01:36:11PM +0100, Stefan (metze) Metzmacher wrote:
> On 04.03.2014 23:59, Andrew Bartlett wrote:
> > Just wondering, as it came up during the docs/param work:
> > 
> > Why do we only set 'client max protocol = NT1' by default?
> > 
> > What is required to move this up to SMB2/3?
> > 
> > The reason for my interest is that I still want to find a way to force
> > winbindd to require SMB signing for all authenticated connections, to
> > reduce our attack surface for future DCE/RPC bugs, and to validate that
> > the DC is really the one feeding us users and groups.
> 
> Jeremy, are we sure each smbclient command and every libsmbclient
> function call works with SMB2? If so we could change the default for
> 4.2 to "SMB3".

SMB2 doesn't have the UNIX extensions, so several
smbclient commands will fail without -mSMB1 if we change
the default. That's not obviously a reason not to do
this of course.

I don't think libsmbclient depends on UNIX extensions,
but it does use them if available to give a better
UNIX -> UNIX experience.

Jeremy.

